What’s the retail industry receiving this holiday season? Most likely a new malicious link or document. A new IBM report revealed that attacks involving malware are prevalent, making up most of the threat activity observed across the IBM Managed Security Services client networks. Malware is the leading attack type in breaches, according to IBM X-Force Interactive Security Incidents data.

Think Twice Before Clicking

As in most other industries, attacks aimed at fooling victims into opening malicious documents or clicking on links to malicious sites are proving very successful in retail. The intent is almost always to have the victim download malware. These attacks accounted for nearly 18 percent of the total attacks observed targeting retail in 2015, according to the IBM data.

The Gift You Don’t Want That Keeps on Giving

Cybercriminals see no need to reinvent the wheel; proven attack vectors such as Shellshock and SQL injection continue to plague retailers. Although it’s been around since 1995, SQL injection is still one of the most common attacks on Web assets. It is also the second-most common known attack type associated with retail security breaches.

Named one of the threat game changers for 2014, the Shellshock vulnerability is now the No. 3 attack vector. It accounted for over 13 percent of the attacks in the retail industry in 2015.

Shifting Focus: Attackers Targeting Smaller Businesses

With security controls tightened in large enterprises, attackers are going after smaller businesses. The payoff per target may be lower, but the targets are easier and far more numerous. Analysts are finding it difficult to assess the true impact of this shift because many smaller retailers aren’t reporting the number of compromised records in their disclosures.

No Major Uptick in Retail Attacks Over Black Friday/Cyber Monday

IBM also assessed attack data from the Black Friday/Cyber Monday weekend. Those days might seem like a good time for increased attacks, but historically we haven’t seen a sharp uptick. This year fared no differently, with the daily average number of attacks that weekend only slightly above the daily average for the year.

The Financial Damage Is Escalating

As the 2015 Cost of Data Breach Study: Global Analysis reported, “While the cost of data breach stayed relatively constant for most industries, the retail sector experienced a significant increase, from $105 [per record] in 2014 to $165 in 2015.” Given the sheer volume of breaches — almost 236 million records are known to have been compromised since 2011 — that means losses in the billions.

With all the concerns plaguing the retail industry, organizations need to understand the trends and make the security investments that best respond to them. The IBM recommendations are meant to optimize security programs to stop advanced threats and protect the crown jewels.

Read the complete research report on security trends in the retail industry